Programming-Language and Software Security

MC2 researchers are working on wide range of techniques to address problems of software security, often focusing on the programming language as part of the solution.

One active line of work has looked at combining ideas from programming languages and cryptography for designing and implementing secure cryptographic protocols. This approach allows protocols to be specified more easily, to be optimized automatically, and to be accompanied with higher-level ("semantic") security guarantees.

Another line of work considers how to best develop software that is secure. Researchers have been developing code-analysis tools, testing techniques, and novel programming languages to help programmers write code that minimizes security flaws. MC2 also hosts the Build-it, Break-it, Fix-it contest, which tests how well participants can write secure software. Data gathered from the contest is pointing to promising software-development techniques.

MC2 researchers have also been tackling the long-standing problem of ensuring that security patches are deployed in a timely fashion by developing techniques for building software that can be dynamically updated. Such software can be patched without shutting it down, thus removing a disincentive to patch. Techniques have been demonstrated on commodity software.

Finally, researchers are also studying security and privacy on mobile-device platforms, such as Android, and developing new tools that enable app users and developers to enforce precise security policies and monitor apps’ use of their sensitive data.